Here's how well the top 100 online retailers secure your password

By Justin Kahn
Jan 27, 2014
  1. Many of us take for granted how secure our credit card and banking information is when purchasing goodies online. Even though a retailer may have a generally good reputation, it doesn't necessarily mean it treats your private financial data with...

  2. OneSpeed

    OneSpeed TS Addict Posts: 245   +69

    How safe can it be if the servers are located in the US? NSA will have access, if they don't already. Remember the article here saying how Apple is agreeing with the NSA on allowing certain phones to be handled by the NSA before they are delivered to the customers? Perfect 100...
  3. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,430   +2,822

    "According to the study, between 55 and 70% of the world's top online retailers allow users to create very weak passwords, with sites like Amazon, Best Buy, Macy's and others all allowing logins after 10 incorrect attempts. Using a simple scoring system from -100 to 100, each site is ranked based on their password security policies."
    If the consumer wants to use a weak password, why should the retailer care? This has nothing to do with how secure everyone else is while using the retailer.
    Phr3d and m4a4 like this.
  4. OneSpeed

    OneSpeed TS Addict Posts: 245   +69

    In the end, it doesn't matter.
  5. davislane1

    davislane1 TS Evangelist Posts: 3,372   +2,164

    Because it only takes one ***** getting five minutes of fame in the news to hurt sales. You have to remember, we don't live in a culture of personal responsibility anymore. If someone gets hosed because of their own cavalier approach to financial security, it's not their fault -- it's the fault of the retailer for not providing them adequate protection from themselves.
    MilwaukeeMike likes this.
  6. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,729   +1,093

    Funny timing on this one... I just got an email from a friend regarding a website called it's a weight loss website and the ad for the website promotes a book of the same title called 'It's not your fault you're fat'. I haven't read the book though, so I don't know whose fault it is :)

    I can see both sides of this one though.... being forced to use an extra strong password also makes it hard to remember. Requirements for capitals and numbers etc. mean the password for that site will probably be unique from other passwords they use. Great for security, except for many people the difficulty in remembering prompts them to write it down.
  7. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,430   +2,822

    I suppose you are right, which also describes the foundation of flaws with our culture.
  8. There's an easier solution to their password woes. It's called a password manager. They only need to remember one password for their password manager, and then it will remember all your other passwords. The world would be a better place if everyone started to use password managers.
  9. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,430   +2,822

    And if you become a target, only one password would need to be broken. But then the topic is how irresponsible the retailers are, not the consumers who choose to purchase from them. Consumer irresponsibility had nothing to do with Target's latest incident. Pointing a finger at consumers is nothing more than a scapegoat.
    Capaill likes this.
  10. tonylukac

    tonylukac TS Evangelist Posts: 1,292   +55

    On the mainframe at the University of Illinois at Chicago we had a house created system (acf1, predecessor to acf2 security which the authors got millions from), that did similar things you're talking about; 3 logon attempts and hashed passwords, etc. in 1976, or earlier. What did we do, reinvent the wheel? The NSA had to know the hashing algorithm. The truth.
    cliffordcooley likes this.
  11. modonn

    modonn TS Rookie

    Justin, inferring that password strength for public accounts gives an indication of how securely these corps secure our data is weak at best and the overall tone of this article is misleading. BTW your site accepted an extremely weak, very short, alphabetical, single case, dictionary word as my password for this account that you forced me to create in order to comment.
  12. mailpup

    mailpup TS Special Forces Posts: 6,964   +355

    Modonn, you do not have to create an account to comment in the TechSpot News and Comments forum.
  13. rub900

    rub900 TS Member Posts: 76   +6

    The Wal-Mart comment is ********. It brings the whole study into question.
  14. MonsterZero

    MonsterZero TS Addict Posts: 202   +64

    You forgot Target - 0
  15. GeforcerFX

    GeforcerFX TS Evangelist Posts: 488   +123

    Link is messed up for the full report, it takes you to the target article just like the other link.
  16. wiyosaya

    wiyosaya TS Maniac Posts: 936   +242

    Personally, I always delete my credit card information from any web site that I use. Newegg is nice in that it allows you to use a credit card without saving the card info. Yes - I understand that credit card info is attached to previous orders, however, it seems more secure if I do not leave them on file with any online company, and enter it each time I order something. To me, that is much less of an inconvenience than having my cards stolen.

    Amazon, in contrast to Newegg, does not allow a choice to save the card or use it one time. They seem bent on convenience and getting their customers to buy as much garbage as possible rather than on the security of their users. I do give them a small amount of credit - pun intended - in that they allow you to remove your credit card, but they make it a more complicated task in that users must go to their account, choose "Manage Payment Options" and then delete any card that they do not want on file. Amazon recently changed that page in that it is now a drop down and in order to see the delete button, you must activate the drop down.

    I also do not leave my address, either, and for sites that require entries in the address field, such as Newegg, I enter valid garbage. Otherwise, I get junk snail mail from them. For anyone who wants to aggressively stop junk snail mail in the US, research US Postal Service form 1500. The form has been all the way to the Supreme Court in the US, and has been ruled legal to use even though you must declare that you consider that any junk mail that you receive is "porn."

    IMHO, online stores want to store too much information that they simply do not need.
